Categorize the system and document the security categorization results as part of system requirements.